More than 15 years after the launch of the microblogging social media platform, Twitter remains a dominant public forum for instant communication with individuals and organizations worldwide on a universe of topics, including cybersecurity.
Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space – followed by five accounts on the increasingly active Mastodon security community. Our review considered experience in enterprise cybersecurity, contributions to research and real-time developments, and Twitter-specific metrics like following and activity frequency.
One of Europe’s top malware analysts thanks to her work for places like Malwarebytes, Aleksandra Doniec has provided a number of in-depth ransomware analyses and security tools throughout her career. Her contributions were significant enough to have her included in Forbes’ 2018 “30 Under 30 Europe” in the Technology category. Her private account offers a host of cybersecurity insights, particularly related to malware and ransomware, along with personal tweets. Her website also provides links to some of the useful cybersecurity tools and scripts she has created over the years, many of them open source.
Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. Shah provides her expertise in hacking, software development, and kernel development and advocates for open source initiatives. This is an account to watch for developers working in Linux environments.
Security technologist Bruce Schneier was respected long before the launch of Twitter. His 1994 book detailing cryptographic algorithms (Applied Cryptography) was just the beginning of his contributions to technical perspectives on system design, cybersecurity, privacy, and more. His Twitter updates are short, newsy, and to the point. They include links to his blog posts, which expand on the mentioned topic.
Dave Kennedy started as a forensic analysis and cyber warfare specialist in the US Marine Corps before entering the enterprise space. Kennedy founded cybersecurity-focused TrustedSec and Binary Defense Systems and co-authored Metasploit: The Penetration Tester’s Guide. He retweets multiple experts’ posts on different security topics and also participates in industry conversations and events.
Russian software engineer Eugene Kaspersky’s frustration with the malware of the 80s and 90s led to the founding of antivirus and cybersecurity vendor Kaspersky Lab. Kaspersky currently serves as CEO and a distinguished cybersecurity expert in the international community. He discusses both consumer and business security on his Twitter feed and covers a wide variety of cybersecurity topics.
Starting with her first desktop on a Unix machine at age 12, Eva Galperin’s contributions to cybersecurity include research on malware and privacy. Galperin is the current Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and a noted free speech advocate. Note that Galperin’s current Twitter discussions center more on politics than on cybersecurity.
Graham Cluley started as a videogame developer and antivirus programmer three decades ago before serving in senior roles at Sophos and McAfee. In recent years, Cluley has been well-known for his cybersecurity analysis, blog, and award-winning podcast Smashing Security. The podcast takes a lighter approach to major cybersecurity topics, for those who want a more humorous look at the industry.
Through tenures at Citrix, HP, and Bugcrowd, Jason Haddix offers his expertise in the areas of penetration testing, web application testing, static analysis, and more. Haddix continues to provide his insights on Twitter while occasionally appearing on podcasts. Consider following Haddix if you want to learn more about security testing news and trends.
With deep industry experience, Jeremiah Grossman was the Information Security Officer for Yahoo!, founder and CTO of WhiteHat Security, and Chief of Security Strategy for SentinelOne. Grossman is an innovative industry leader. He currently works in security strategy at Tenable. Grossman’s tweets are short and straightforward, covering both enterprise tips and nationwide security news.
Marcus J. Carey
Marcus J. Carey started his cybersecurity career assisting federal agencies with pen testing, incident response, and digital forensics. Two decades later, the information security expert is a distinguished author (Tribe of Hackers), entrepreneur, and speaker. Occasionally he posts security career information for those in the job field.
As managing vulnerabilities in embedded systems becomes increasingly crucial to cybersecurity, Maria Markstedter offers her expertise as an independent security researcher and founder of Azeria Labs. Markstedter actively contributes to filling the infosec education gap.
Matthew Green is a renowned expert in cryptographic engineering. Green’s contributions to applied cryptography are profound, and his other research includes securing storage and payment systems. He is currently an Associate Professor at Johns Hopkins University.
Katie Moussouris’ resume includes studying at MIT and Harvard, enterprise experience at Symantec and Microsoft, and years of promoting bug bounty programs and white hat hacking. Today, Moussouris is the founder and CEO of cybersecurity consultancy Luta Security.
Formerly on the FBI’s Most Wanted list, Kevin Mitnick is a crucial figure in the history of information security, including approaches to social engineering and penetration testing. Today, Mitnick operates his consultancy and serves as Chief Hacking Officer for KnowBe4. He also participates in educational sessions hosted by other major tech companies, covering cybersecurity topics.
Mikko Hyppönen is the veteran chief research officer of Finnish cybersecurity company WithSecure. After three decades of experience analyzing and following the latest security threats, Hyppönen continues to offer his perspective on privacy, cybersecurity, and so-called “smart” devices.
Once a penetration tester, Paul Asadoorian has been the founder and CEO of Security Weekly and host of a weekly show since 2005. Asadoorian has built a cybersecurity media force while also serving as a partner for Offensive Countermeasures. He is currently a security evangelist at Eclypsium.
Google’s Security Princess is Parisa Tabriz, one of the technology giant’s most esteemed hackers. Tabriz has led Google Chrome’s security since 2013, which extends to managing product, engineering, and UX today. Tabriz is a tireless advocate for ethical hacking.
Three-time winner of DEF CON’s Social Engineering Capture the Flag Contest, Rachel Tobac is a hacker and CEO of SocialProof Security. Tobac’s expertise in social engineering and spreading awareness provides excellent insight into today’s sophisticated threats.
Robert M. Lee
Dragos founder and CEO Robert M. Lee started his career as a Cyber Warfare Operations Officer for the U.S. Air Force before building the SANS Institute’s first dedicated ICS monitoring courses. Lee continues to be a leading voice in the critical infrastructure cybersecurity space.
Runa Sandvik was a hacker and early developer of the Tor network before her rise to senior director of information security for the New York Times. Today Sandvik is an independent researcher and consultant and advocate for strengthening freedom of the press and privacy. Her Twitter feed often addresses international security news.
Hacker, researcher, and entrepreneur Samy Kamkar launched a unified communications company as a teen before setting off an XSS attack against MySpace. Lesson learned, Kamkar continues to test security integrity years later as co-founder and CSO of Openpath Security.
The pseudonymous information security expert known as SwiftOnSecurity is a prominent voice in the universe of cybersecurity. They continually offer a balanced dose of genuine insight into systems and security with the funniest and hardest-hitting memes for SysAdmin.
Tavis Ormandy is an ethical hacker and an information security engineer for Google Project Zero. Ormandy’s expertise includes vulnerability hunting, research, and software development with a bundle of GitHub contributions and published research. His tweets often discuss older technology or ask interactive questions of other experts.
Commonly known as just the Grugq, Thaddeus Grugq is a security researcher and hacker known for publications and commentary regarding forensic analysis, international espionage, and cybersecurity. In recent years, Grugq has talked openly about high-end exploit brokering.
Troy Hunt is an Australian web security consultant and perhaps best known for his project Have I Been Pwned (HIBP), which helps users confirm if their data was compromised due to a breach. After 14 years of enterprise experience at Pfizer, Hunt offers his expertise in a weekly vlog. He’s also written infosec courses for Pluralsight.
Accounts to follow on Mastodon
Some popular security leaders have shifted their focus to Mastodon, an open source social media platform, in the wake of recent turmoil at Twitter. Mastodon’s infosec.exchange platform is specifically geared toward the security industry. Check out these accounts if you prefer not to use Twitter.
Brian Krebs still has a Twitter account (@krebsonsecurity), but he posts more regularly about security on Mastodon. He is known for his strong background in journalism, writing often about cybercrime.
Marcus Hutchins is a security researcher. He frequently posts about artificial intelligence, Twitter, and politics on his Mastodon feed.
Jake Williams is a security researcher and IANS faculty member. He posts about a variety of international security topics, and also maintains a presence on Twitter.
IT industry veteran and former Hacker of the Year Lesley Carhart is another security researcher who has made the move to Mastodon. She consistently contributes to research and dialogue around incident response, digital forensics, industrial control system security, and more. Carhart is currently the Director of Incident Response at Dragos.
To learn more about security, read about our picks for the best cybersecurity podcasts.
Jenna Phipps updated this article on April 3, 2023.